The Internet Is Now Weaponized, And You Are The Target

Tyler Durden's picture




 

By now, thanks to Edward Snowden, it is common knowledge, and not just conspiracy theory, that every bit of information sent out into the wired or wireless ether is scanned, probed, intercepted and ultimately recorded by the NSA, and that subsequently all such information is and can be used against any US citizen without a court of law (because the president's pet secret FISA "court" is anything but). Sadly, in a country in which, courtesy of peak social networking, exhibitionism has become an art form, the vast majority of Americans not only could not care less about Snowden's sacrificial revelations, but in fact are delighted that at least someone, somewhere cares about that photo of last night's dinner. However, it turns out that far from being a passive listener and recorder, the NSA is quite an active participant in using the internet. The weaponized internet.

Because as Wired reports, "The internet backbone — the infrastructure of networks upon which internet traffic travels — went from being a passive infrastructure for communication to an active weapon for attacks." And the primary beneficiary: the NSA - General Keith Alexander's massive secret army - which has now been unleashed against enemies foreign, but mostly domestic.

Enter the QUANTUM program....

According to revelations about the QUANTUM program, the NSA can “shoot” (their words) an exploit at any target it desires as his or her traffic passes across the backbone. It appears that the NSA and GCHQ were the first to turn the internet backbone into a weapon; absent Snowdens of their own, other countries may do the same and then say, “It wasn’t us. And even if it was, you started it.”

 

If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgacom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own.

 

Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.

... which is basically packet injection:

The QUANTUM codename is deliciously apt for a technique known as “packet injection,” which spoofs or forges packets to intercept them. The NSA’s wiretaps don’t even need to be silent; they just need to send a message that arrives at the target first. It works by examining requests and injecting a forged reply that appears to come from the real recipient so the victim acts on it.

 

The technology itself is actually pretty basic. And the same techniques that work on a Wi-Fi network can work on a backbone wiretap. I personally coded up a packet-injector from scratch in a matter of hours five years ago, and it’s long been a staple of DefCon pranks.

Traditionally, packet injection has been used mostly for censorship purposes:

The most infamous use of packet injection prior to the Snowden leaks was censorship, where both internet service providers (ISPs) and the Great Firewall of China injected TCP reset packets (RST) to block undesired traffic. When a computer receives one of these injected RST packets, it closes the connection, believing that all communication is complete.

 

Although public disclosure forced ISPs to stop this behavior, China continues to censor with injected resets. It also injects the Domain Name System (DNS) — the system all computers use to turn names such as “www.facebook.com” into IP addresses — by inserting a fake reply whenever it sees a forbidden name. (It’s a process that has caused collateral damage by censoring non-Chinese internet traffic).
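Both the forged reply that wins the race and the injected RST described above leave traces on the wire, because the genuine endpoint keeps talking. The following is an added example, not code from the article or from Wired, that flags both traces in a list of observed TCP segments; the `Segment` record, the addresses and the sequence numbers are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One observed TCP segment, reduced to the fields the checks need."""
    src: str              # sender "ip:port"
    dst: str              # receiver "ip:port"
    seq: int              # sequence number of the first payload byte
    payload: bytes = b""
    ttl: int = 64
    rst: bool = False


def find_injection_signs(segments):
    """Flag flows showing the traces a man-on-the-side injector leaves.

    content-mismatch: two segments cover the same sequence range with
        different bytes (a genuine retransmission repeats identical bytes).
    rst-then-data: the sender "reset" the connection, then kept sending.
    Sequence-number wraparound is ignored to keep the example short.
    """
    seen = defaultdict(list)   # flow -> data segments seen so far
    reset_at = {}              # flow -> sequence number of the first RST
    findings, reported = [], set()

    def report(flow, kind, seq, **extra):
        if (flow, kind, seq) not in reported:    # one finding per race
            reported.add((flow, kind, seq))
            findings.append({"flow": flow, "kind": kind, "seq": seq, **extra})

    for seg in segments:
        flow = (seg.src, seg.dst)
        if seg.rst:
            reset_at.setdefault(flow, seg.seq)
            continue
        if not seg.payload:
            continue
        if flow in reset_at and seg.seq >= reset_at[flow]:
            report(flow, "rst-then-data", seg.seq)
        for old in seen[flow]:
            start = max(old.seq, seg.seq)
            end = min(old.seq + len(old.payload), seg.seq + len(seg.payload))
            if end <= start:
                continue       # the two segments share no sequence range
            if (old.payload[start - old.seq:end - old.seq]
                    != seg.payload[start - seg.seq:end - seg.seq]):
                # A differing TTL supports "two different senders".
                report(flow, "content-mismatch", start,
                       ttl_differs=old.ttl != seg.ttl)
        seen[flow].append(seg)
    return findings


# Constructed capture: documentation addresses, made-up sequence numbers.
SERVER, CLIENT = "192.0.2.10:80", "198.51.100.7:50000"
OTHER = "192.0.2.20:80"
REAL = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
FORGED = b"HTTP/1.1 302 Found\r\nLocation: http://injected.example/\r\n\r\n"
SAMPLE = [
    Segment(CLIENT, SERVER, 1000, b"GET /logo.png HTTP/1.1\r\n\r\n"),
    Segment(SERVER, CLIENT, 5000, FORGED, ttl=58),   # wins the race
    Segment(SERVER, CLIENT, 5000, REAL, ttl=47),     # genuine reply, late
    Segment(SERVER, CLIENT, 5000, REAL, ttl=47),     # benign retransmission
    Segment(OTHER, CLIENT, 9000, rst=True, ttl=60),  # reset appears...
    Segment(OTHER, CLIENT, 9000, b"more", ttl=49),   # ...yet data continues
]

if __name__ == "__main__":
    for finding in find_injection_signs(SAMPLE):
        print(finding)
```

Neither check works once the traffic is encrypted and authenticated end to end, but by then the forged segment is rejected by the receiver anyway.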

And user identification, especially in making Tor obsolete. That's right: all users of Tor believing they hide behind the veil of anonymity - you aren't.

User cookies, those inserted by both advertising networks and services, also serve as great identifiers for NSA targeting. Yet a web browser only reveals these cookies when communicating with such sites. A solution lies in the NSA’s QUANTUMCOOKIE attack, which they’ve utilized to de-anonymize Tor users.

 

A packet injector can reveal these cookies by replying to an unnoticed web fetch (such as a small image) with a HTTP 302 redirect pointing to the target site (such as Hotmail). The browser now thinks “hey, should really go visit Hotmail and ask it for this image”. In connecting to Hotmail, it reveals all non-secure cookies to the wiretap. This both identifies the user to the wiretap, and also allows the wiretap to use these cookies.

 

So for any webmail service that doesn’t require HTTPS encryption, QUANTUMCOOKIE also allows the wiretap to log in as the target and read the target’s mail. QUANTUMCOOKIE could also tag users, as the same redirection that extracts a cookie could also set or modify a cookie, enabling the NSA to actively track users of interest as they move across the network — although there is no indication yet that the NSA utilizes this technique.
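QUANTUMCOOKIE as described above depends on two gaps on the site's side: cookies set without the Secure attribute, and a browser willing to fetch from the site over plain HTTP when redirected there. The following is an added example, not from the article, that audits the headers of one HTTPS response for both gaps; the host name and header values are constructed.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attributes)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def hsts_max_age(headers):
    """Return the Strict-Transport-Security max-age in seconds, 0 if absent."""
    for name, value in headers:
        if name.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            val = val.strip().strip('"')
            if key.strip().lower() == "max-age" and val.isdigit():
                return int(val)
    return 0


def audit_https_response(host, headers):
    """List the gaps that let a forced cleartext fetch expose cookies.

    no-hsts: the browser will follow an injected http:// redirect to host.
    cookie-without-secure: that cleartext request will carry this cookie.
    """
    findings = []
    if hsts_max_age(headers) == 0:
        findings.append((host, "no-hsts", None))
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append((host, "cookie-without-secure", cookie))
    return findings


# Constructed response headers: the weak setting beside the corrected one.
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=c0nstructed; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
HARDENED = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=c0nstructed; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]

if __name__ == "__main__":
    for label, headers in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_https_response("mail.example", headers))
```

HSTS only takes effect after the browser has seen the header once over HTTPS (or the host is preloaded), so the Secure attribute on every session cookie remains the baseline.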

But all of the above are largely passive interception and surveillance strategies. Where it gets interesting is when the NSA's mission is...

User Attack

 

The NSA has a collection of FOXACID servers, designed to exploit visitors. Conceptually similar to Metasploit’s WebServer browser autopwn mode, these FOXACID servers probe any visiting browser for weaknesses to exploit.

 

All it takes is a single request from a victim passing a wiretap for exploitation to occur. Once the QUANTUM wiretap identifies the victim, it simply packet injects a 302 redirect to a FOXACID server. Now the victim’s browser starts talking to the FOXACID server, which quickly takes over the victim’s computer. The NSA calls this QUANTUMINSERT.

 

The NSA and GCHQ used this technique not only to target Tor users who read Inspire (reported to be an Al-Qaeda propaganda magazine in the English language) but also to gain a foothold within the Belgium telecommunication firm Belgacom, as a prelude to wiretapping Belgium phones.

 

One particular trick involved identifying the LinkedIn or Slashdot account of an intended target. Then when the QUANTUM system observed individuals visiting LinkedIn or Slashdot, it would examine the HTML returned to identify the user before shooting an exploit at the victim. Any page that identifies the users over HTTP would work equally well, as long as the NSA is willing to write a parser to extract user information from the contents of the page.

 

Other possible QUANTUM use cases include the following. These are speculative, as we have no evidence that the NSA, GCHQ, or others are utilizing these opportunities. Yet to security experts they are obvious extensions of the logic above.

 

HTTP cache poisoning. Web browsers often cache critical scripts, such as the ubiquitous Google Analytics script ‘ga.js’. The packet injector can see a request for one of these scripts and instead respond with a malicious version, which will now run on numerous web pages. Since such scripts rarely change, the victim will continue to use the attacker’s script until either the server changes the original script or the browser clears its cache.

 

Zero-Exploit Exploitation. The FinFly “remote monitoring” hacking tool sold to governments includes exploit-free exploitation, where it modifies software downloads and updates to contain a copy of the FinFisher Spyware. Although Gamma International’s tool operates as a full man-in-the-middle, packet injection can reproduce the effect. The injector simply waits for the victim to attempt a file download, and replies with a 302 redirect to a new server. This new server fetches the original file, modifies it, and passes it on to the victim. When the victim runs the executable, they are now exploited — without the need for any actual exploits.

 

Mobile Phone Applications. Numerous Android and iOS applications fetch data through simple HTTP. In particular, the “Vulna” Android advertisement library was an easy target,  simply waiting for a request from the library and responding with an attack that can effectively completely control the victim’s phone. Although Google removed applications using this particular library, other advertisement libraries and applications can present similar vulnerabilities.

 

DNS-Derived Man-in-the-Middle. Some attacks, such as intercepting HTTPS traffic with a forged certificate, require a full man in the middle rather than a simple eavesdropper. Since every communication starts with a DNS request, and it is only a rare DNS resolver that cryptographically validates the reply with DNSSEC, a packet injector can simply see the DNS request and inject its own reply. This represents a capability upgrade, turning a man-on-the-side into a man-in-the-middle.

 

One possible use is to intercept HTTPS connections if the attacker has a certificate that the victim will accept, by simply redirecting the victim to the attacker’s server. Now the attacker’s server can complete the HTTPS connection. Another potential use involves intercepting and modifying email. The attacker simply packet-injects replies for the MX (Mailserver) entries corresponding to the target’s email. Now the target’s email will first pass through the attacker’s email server. This server could do more than just read the target’s incoming mail, it could also modify it to contain exploits.

 

Amplifying Reach. Large countries don’t need to worry about seeing an individual victim: odds are that a victim’s traffic will pass one wiretap in a short period of time. But smaller countries that wish to utilize the QUANTUMINSERT technique need to force victim’s traffic past their wiretaps. It’s simply a matter of buying the traffic: Simply ensure that local companies (such as the national airline) both advertise heavily and utilize in-country servers for hosting their ads. Then when a desired target views the advertisement, use packet injection to redirect them to the exploit server; just observe which IP a potential victim arrived from before deciding whether to attack. It’s like a watering hole attack where the attacker doesn’t need to corrupt the watering hole.

Can anything be done to prevent the NSA's internet army from running over a world that spends the bulk of its time in its reaches? Not much:

The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary. Encryption doesn’t just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.

 

There are many engineering and logistic difficulties involved in encrypting all traffic on the internet, but it’s one we must overcome if we are to defend ourselves from the entities that have weaponized the backbone.

Alas, in the battle against the NSA, the biggest enemy is not the authoritarian state's Super Big Brother, but apathy itself. It is that war that is by far the most important one, and which America has already lost.

Fri, 11/15/2013 - 23:23 | 4159935 VD

until the NSA is itself targeted and taken offline, the gov will subvert and pervert all basic rights.

Fri, 11/15/2013 - 23:47 | 4159959 wee-weed up

(Disclosure... I hate Bush.)

If Bush had done this...

The Libs and their MSM...

Would be screaming bloody murder!

But, since it's The OBlameBush in charge...

Nothing... just the sound of crickets...

Fri, 11/15/2013 - 23:53 | 4159969 knukles

Oh ye naysayers....
Long ago, ripped by "those who so knew well" that they were safe behind TOR and strong encryption
Again..... And perhaps for the very last time

If it's linked to electronic medium in any way, they own it

Period

Sat, 11/16/2013 - 00:08 | 4159996 El Oregonian

Hello Moto...

Sat, 11/16/2013 - 00:35 | 4160019 hedgeless_horseman

“You have zero privacy anyway. Get over it,” 
said Sun Microsystems' CEO, Scott McNealy, in 1999.

 

Well...


...at least someone, somewhere cares about that photo of last night's dinner.

A toast to Tyler Durden, Ed Snowden, and all you others out there that wish for freedom, privacy, and peace.

Cheers!

 



Sat, 11/16/2013 - 00:37 | 4160037 q99x2

Pass the ketchup.

Sat, 11/16/2013 - 00:45 | 4160053 john39

Clean food? Obviously a terrorist. Nothing a few vaccinations, some gmo's and some chemtrails can't handle.

Sat, 11/16/2013 - 01:30 | 4160096 indio007

Wait till you have to start paying extra for those fine ingredients.

Sat, 11/16/2013 - 07:51 | 4160253 GetZeeGold

If Bush had done this...

The Libs and their MSM...

Would be screaming bloody murder!

 

YOU LIE!!!

Why can't you see we know what's best for you?

Sat, 11/16/2013 - 09:31 | 4160305 johnQpublic

fuck it , cut the cord

-ratm

Sat, 11/16/2013 - 12:59 | 4160539 fonestar

I think it should be pretty basic knowledge for TOR users that you should not have javascript and cookies enabled.

Honeypots, traffic and timing analysis are a different matter.

Sat, 11/16/2013 - 10:17 | 4160345 Ying-Yang

Thanks for the information... depressing as it is.

Read up on Amazon. Their Amazon Web Services, AWS, is 5x larger than the next 14 largest web services companies. That is huge.

Take note of some of their clients using AWS:

Linked in

Spotify

Netflix

DropBox

SAP

CIA, yes the CIA

US Postal Service

The Amazon store is AWS biggest customer. Amazon is a tremendous honeypot for data.

Time for whitehats to counter.

 

Sat, 11/16/2013 - 11:58 | 4160468 walküre

Notably ACA is not using AWS

Sat, 11/16/2013 - 19:51 | 4161311 Keyser

Doesn't matter if you're a white hat or black hat. It depends on who you work for when it comes to prosecution.

Sat, 11/16/2013 - 01:31 | 4160097 CvlDobd

One of the few that is allowed to post pics and we constantly have to look at what you ate for dinner last night? What the fuck is this place? Facebook? Any baby pictures you want to share?

Sat, 11/16/2013 - 02:12 | 4160134 michael_engineer

Suppress this  ? 

http://iCanMorph.com

Sat, 11/16/2013 - 02:51 | 4160158 prains

dude, you need to just relax and eat your wife's chicken pot pie once in awhile, it'll do you both a wonder of good

Sat, 11/16/2013 - 13:15 | 4160560 CvlDobd

I thought I signed up for fight club, not the food network. My mistake.

Sat, 11/16/2013 - 15:10 | 4160740 Terminus C

You seem to be forgetting that there is a war over what you eat and it is more central to your life than any financial shenanigans. HH is fighting back... thus why his dinner is on fight club.

Sat, 11/16/2013 - 15:41 | 4160784 MsCreant

Sedation or Sedition? That is where the food issue is. 

Food Fight Club, Bitchez.

Sat, 11/16/2013 - 19:53 | 4161315 Keyser

No secret on posting pics, you just need to know how, as in inline html tags... 

Sat, 11/16/2013 - 20:20 | 4161378 CvlDobd

I'm not forgetting the food issue, I just give nary a fuck about what anyone on ZeroHedge had for dinner last night.

 

Sat, 11/16/2013 - 19:12 | 4161232 jerry_theking_lawler

you did...and you are thoroughly getting 'beat up' with down arrows for running your mouth....in the real world, you would be in a shallow grave by now.

Sat, 11/16/2013 - 03:08 | 4160160 Tasty Sandwich

Sat, 11/16/2013 - 07:49 | 4160255 Running On Bing...

Where's Pure Evil and his cock pics? I'm sure you'll like those.

Over.

Sat, 11/16/2013 - 10:06 | 4160331 VD

agreed CvlDobd: he would be better off on Facebook! but unfortunately he won't heed the comments...he even posts his personal abattoir slaughter pics -- a real self-entitled piece of work.

Sat, 11/16/2013 - 10:14 | 4160341 shovelhead

Sounds like someone needs some bacon.

Sat, 11/16/2013 - 12:06 | 4160473 prains

unfortunately for you VD i'm positive there's not a woman in the world offering you her chicken pot pie and if by some miracle there is, you'll need to do a chromosome test on her ASAP

Sat, 11/16/2013 - 13:24 | 4160571 DaveyJones

This isn't about dinner.

Think it through

He grows a lot of what he snaps and shares.

Many wise people on this site have come to conclude that food production cannot (and will not) be separated from the economic, corporate, government, and criminal issues we discuss. Don't believe me, check out Monsanto execs and the FDA. Peak oil and local economies are another growing and overwhelming factor.

This site is about education and more important about the SYNTHESIS of many disciplines to understand what's happening for our survival

health is an economic principle

don't believe me, look at the news

This site has also evolved (whether intended or not) to a very odd type of support network. Not too surprising given the incredible pressures and crimes being heaved upon the common man in an incredibly unique chapter in human history.

Try a wider horizon.    

Sat, 11/16/2013 - 15:47 | 4160794 MsCreant

Excellent comment Davey Darling. Very level of you. Folks that don't know, don't know, and really can't help it until someone tells em'. Many of us come to the party here at fight club with bits and pieces of the puzzle regarding just how thorough our subjugation is. They know it is bad, but they don't know it is this bad. 

I remember the day I learned about the relationship between the Fed and the Treasury. Some folks were like, "This is news to you?" And it really was. And my mind was blown. And everything changed. 

People need to look at their food before any thing else (except maybe their water in some cases).

Sun, 11/17/2013 - 01:22 | 4161878 DaveyJones

thanks MsC. Good to know you're growin

Sun, 11/17/2013 - 14:37 | 4162817 Infnordz

+1

I think a lot of people new to ZH may be ignorant of the shocking scale of rampant corporatism, and that extra government regulation and other interference has ironically caused more corruption, because it caused reputation to no longer matter.

I think you will find that clean water is even more critical than clean food, especially where Fluorine compounds are (criminally) added, or it still contains Pharmaceutical drug residues; even relatively good quality Chlorinated, mains water should probably be filtered before use, so I recently got a Big Berkey gravity filter for routine use, and to filter unprocessed water, without the need for sterilising chemicals, if required. I've used Brita filters, and looked at ZeroWater, but they are inadequate or more costly to run plastic consumer toys; I also looked at undersink filters, but they need plenty of pressure to work, are quite bulky, and can harmfully demineralise water.

Just watch the chaos if the mains water pressure plummets long enough for roof tanks to empty, and all the bottled water sells out; it won't matter if you have clean food if you can't get enough clean water too.  This could easily happen if there is a big enough water leak, or some other stoppage occurs.

Mon, 11/18/2013 - 14:48 | 4166035 cougar_w

"They know it is bad, but they don't know it is this bad."

It's rather worse than that. Most people have already been stripped of the critical thinking skills required to know how important it is to possess critical thinking skills. From that point of deep cognitive scarring there is no possible recovery. But you would need to be really sharp to even know that.

Sat, 11/16/2013 - 12:33 | 4160510 Diogenes

Kittayz

Sat, 11/16/2013 - 13:18 | 4160565 j0nx

I agree. It annoys the piss out of me when people post photos of the dinner they are about to eat.

Sat, 11/16/2013 - 13:34 | 4160590 GoinFawr

Still, you have to admit it's better than posting pics of meals they've already eaten.

Sat, 11/16/2013 - 18:55 | 4161189 LongBallsShortBrains

You didn't build that......

Sat, 11/16/2013 - 14:05 | 4160634 yofish

Can't have the riff-raff with all the toys, mate. Heedless Horseman most certainly pees, but for quite different reasons.

Sat, 11/16/2013 - 14:11 | 4160640 yofish

Oh-oh, here come the pics of white wabbits hanging in a horse barn somewhere in Kentucky.

Sat, 11/16/2013 - 17:09 | 4160970 11b40

Actually, H_H contributes far more than just photos.  He also contributes far more than you.

Sat, 11/16/2013 - 01:31 | 4160098 A Nanny Moose

HH. FWIW, my goal is to create value worthy of exchange with the likes of you.

This past summer, I was able to produce nectarines from nectarine pits that came from nectarines purchased at the Farmers' Market. My tomatoes now spring up like weeds...from seed. Rosemary bushes are 3 Feet tall. It is a work in progress.

Sat, 11/16/2013 - 15:51 | 4160801 MsCreant

Psst-- me too. Peaches, apples, berry bushes, figs, paw-paws, spices, every kind of mint you can imagine. I have waaay too much rosemary!

One straw revolution..hope you have heard of it. I am working towards it.

Sat, 11/16/2013 - 20:49 | 4161449 LongBallsShortBrains

Apples from seed?

I hope you plan on grafting.

Sat, 11/16/2013 - 02:17 | 4160138 thisandthat

Smells delicious - just saying!...

Sat, 11/16/2013 - 13:05 | 4160550 ebworthen

An "N.S.A. sucks just as bad as Al Queda pressure cooker chicken belly bomb meal of a backpack Super Bowl new Rome proportions repaste of pressurized Champagne" toast to you!

Sat, 11/16/2013 - 00:14 | 4159997 GoinFawr

Read it again

Sat, 11/16/2013 - 00:38 | 4160041 seek

That's what they want you to believe.

Sat, 11/16/2013 - 03:11 | 4160166 ISEEIT

I despise the ignorant perversity of truth worshiped by the political left. That being said though, they (some) do pay lip service to the rape of our Liberty. Like the proverbial chick in the mini and no panties being groped at the bar, they do have the 'virtue' of acting as if they don't like it.

Leftist delusions cannot be made sustainably manifest absent absolute denial of individual free will.

Sat, 11/16/2013 - 06:49 | 4160232 Acet

You, my friend, are part of the problem.

You fell hook, sink and line for the divide and conquer techniques that the totalitarians use to keep the riff-raff divided and powerless.

If you think government surveillance and the police state has anything to do with left wing or right wing, then you're a fool.

Sat, 11/16/2013 - 10:15 | 4160342 aint no fortuna...

You nailed it Acet - they want us fighting each other over insignificant ideological bullshit or drooling on ourselves in the barcalounger, anything so we don't look at who the REAL enemy is. And we fall for it every time. We're fucking toast.
